CVE-2019-5435 log
| Source |
|
| Severity | High |
| Remote | Yes |
| Type | Arbitrary code execution |
| Description | libcurl before 7.65.0 contains two integer overflows in the curl_url_set() function that if triggered, can lead to a too small buffer allocation and a subsequent heap buffer overflow. The flaws only exist on 32 bit architectures and require excessive string input lengths. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-963 | lib32-curl | 7.64.1-1 | 7.65.0-1 | High | Fixed | |
| AVG-962 | lib32-libcurl-compat | 7.64.1-1 | 7.65.0-1 | High | Fixed | |
| AVG-961 | lib32-libcurl-gnutls | 7.64.1-1 | 7.65.0-1 | High | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 31 May 2019 | ASA-201905-15 | AVG-963 | lib32-curl | High | arbitrary code execution |
| 31 May 2019 | ASA-201905-14 | AVG-962 | lib32-libcurl-compat | High | arbitrary code execution |
| 31 May 2019 | ASA-201905-13 | AVG-961 | lib32-libcurl-gnutls | High | arbitrary code execution |
| References |
|---|
https://curl.haxx.se/docs/CVE-2019-5435.html https://github.com/curl/curl/commit/5fc28510a4664f4 |